Manager, DevSecOps Engineering

About Gap Inc.

Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.     

This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to  learn fast, create with audacity and lead boldly? Join our team.

About the Role

In this role, you will lead the strategy, design, and delivery of security engineering solutions that protect the company's assets, infrastructure, and software supply chain. You will manage a team of security and DevOps engineers, driving a culture of security-first delivery across Cloud Security, CI/CD Pipeline Security, Product Security and Infrastructure Security. You will partner closely with Engineering, Product, and Leadership to set direction and ensure the business ships software with speed and confidence.

What You'll Do

• Lead the design, development, and implementation of information security solutions across Cloud Security, Infrastructure Security & Product Security.
• Own the security strategy for CI/CD pipelines, including automated testing, SAST/DAST scanning, dependency checks, and secrets detection — providing technical advisory and governance across hybrid, multi-cloud environments.
• Drive cloud security posture management, runtime protection, and code security through industry-leading cloud security and edge protection capabilities, ensuring continuous compliance and risk reduction.
• Define and enforce security policies, standards, and best practices that balance delivery speed with a strong security posture, in alignment with regulatory and legal requirements.
• Lead automation initiatives across cloud security processes, reducing manual effort and improving consistency at scale.
• Oversee API security standards and runtime protection across services and microservices architectures.
• Manage infrastructure security controls using infrastructure-as-code and container orchestration tooling, in line with container security best practices.
• Anticipate operational and program risks, developing preventative measures and driving rapid incident response across environments.
• Translate functional security requirements into technical roadmaps, guiding your team from strategy through to execution.
• Define, track, and communicate security metrics and key performance indicators — creating actionable insights from data to inform prioritization, demonstrate delivery effectiveness, and drive continuous improvement.
• Build strong cross-functional relationships with product and engineering squads, embedding security into development workflows and acting as a trusted security advisor at the leadership level.

Who You Are

• A proven leader with hands-on depth in DevSecOps or security engineering, and the ability to inspire, grow, and manage a high-performing team.
• Demonstrate deep knowledge of infrastructure security practices, concepts, and technologies, with proficiency across cloud security capabilities and modern security methodologies.
• Experience governing CI/CD pipelines and authoring configuration management and deployment tooling across modern CI/CD platforms.
• Strong scripting and development skills across languages such as Python, Bash, Go, or Java.
• Solid understanding of cloud security concepts including network segmentation and secrets management across major cloud providers.
• Experience anticipating operational risks and driving preventative measures across complex, fast-moving engineering environments.
• A confident communicator who can translate security priorities to developers, stakeholders, and executives alike.
• Familiarity with AI and machine learning capabilities as applied to DevSecOps and infrastructure management — including AI-assisted threat detection, anomaly detection, intelligent vulnerability triage, and the use of AI-powered tooling to enhance security automation and operational insight — is considered a strong advantage.
• Background in Computer Science, Information Security, or equivalent practical experience.

Benefits at Gap Inc.

• Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
• One of the most competitive Paid Time Off plans in the industry.*
• Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
• Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
• Employee stock purchase plan.*
• Medical, dental, vision and life insurance.*
• See more of the benefits we offer.

*For eligible employees